Health Insurance Portability and Accountability Act (HIPAA)-compliant privacy access control model for Web services /

Cheng, Sin Ying.

January 2006

Thesis (M.Phil.)--Hong Kong University of Science and Technology, 2006. / Includes bibliographical references (leaves 96-100). Also available in electronic version.

Confidentiality of tribunal acts the civil law implications in the U.S.A. of canon 1598, [par.] 1 /

McGoldrick, Albert W.

January 1986

Thesis (J.C.L.)--Catholic University of America, 1986. / Includes bibliographical references (leaves 82-91).

Personal privacy protection within pervasive RFID environments /

Hedefine, Eeva Kaarina,

January 2006

Thesis (M.S.) in Spatial Information Science and Engineering--University of Maine, 2006. / Includes vita. Includes bibliographical references (leaves 145-156).

User Controlled Privacy Protection in Location-Based Services

Bhaduri, Anuket

January 2003

No description available.

Mobile computing

Privacy, Right of

Telecommunication systems

Wireless communication systems

Distribution Volume Tracking on Privacy-Enhanced Wireless Grid

Uzuner, Ozlem

25 July 2004

In this paper, we discuss a wireless grid in which users are highly mobile, and form ad-hoc and sometimes short-lived connections with other devices. As they roam through networks, the users may choose to employ privacy-enhancing technologies to address their privacy needs and benefit from the computational power of the grid for a variety of tasks, including sharing content. The high rate of mobility of the users on the wireless grid, when combined with privacy enhancing mechanisms and ad-hoc connections, makes it difficult to conclusively link devices and/or individuals with network activities and to hold them liable for particular downloads. Protecting intellectual property in this scenario requires a solution that can work in absence of knowledge about behavior of particular individuals. Building on previous work, we argue for a solution that ensures proper compensation to content owners without inhibiting use and dissemination of works. Our proposal is based on digital tracking for measuring distribution volume of content and compensation of authors based on this accounting information. The emphasis is on obtaining good estimates of rate of popularity of works, without keeping track of activities of individuals or devices. The contribution of this paper is a revenue protection mechanism, Distribution Volume Tracking, that does not invade the privacy of users in the wireless grid and works even in the presence of privacy-enhancing technologies they may employ.

AI

Intellectual Property Protection

Privacy

Wireless Computational Grid

Address spreading in future Internet supporting both the unlinkability of communication relations and the filtering of non legitimate traffic

Fourcot, Florent

15 January 2016

The rotation of identifiers is a common security mechanism to protect telecommunication; one example is the frequency hopping in wireless communication, used against interception, radio jamming and interferences. In this thesis, we extend this rotation concept to the Internet. We use the large IPv6 address space to build pseudo-random sequences of IPv6 addresses, known only by senders and receivers. The sequences are used to periodically generate new identifiers, each of them being ephemeral. It provides a new solution to identify a flow of data, packets not following the sequence of addresses will be rejected. We called this technique “address spreading”. Since the attackers cannot guess the next addresses, it is no longer possible to inject packets. The real IPv6 addresses are obfuscated, protecting against targeted attacks and against identification of the computer sending a flow of data. We have not modified the routing part of IPv6 addresses, so the spreading can be easily deployed on the Internet. The “address spreading” needs a synchronization between devices, and it has to take care of latency in the network. Otherwise, the identification will reject the packets (false positive detection). We evaluate this risk with a theoretical estimation of packet loss and by running tests on the Internet. We propose a solution to provide a synchronization between devices. Since the address spreading cannot be deployed without cooperation of end networks, we propose to use ephemeral addresses. Such addresses have a lifetime limited to the communication lifetime between two devices. The ephemeral addresses are based on a cooperation between end devices, they add a tag to each flow of packets, and an intermediate device on the path of the communication, which obfuscates the real address of data flows. The tagging is based on the Flow Label field of IPv6 packets. We propose an evaluation of the current implementations on common operating systems. We fixed on the Linux Kernel behaviours not following the current standards, and bugs on the TCP stack for flow labels. We also provide new features like reading the incoming flow labels and reflecting the flow labels on a socket.

Netzwerk

IPv6

Datenschutz

Privacy

IPv6

Security

ddc:000

rvk:ST 200

Developing a framework for e-commerce privacy and data protection in developing nations : a case study of Nigeria

Adelola, Tiwalade

January 2017

The emergence of e-commerce has brought about many benefits to a country s economy and individuals, but the openness of the Internet has given rise to misuse of personal data and Internet security issues. Therefore, various countries have developed and implemented cyber-security awareness measures to counter this. However, there is currently a definite lack in this regard in Nigeria, as there are currently, little government-led and sponsored Internet security awareness initiatives. In addition, a security illiterate person will not know of the need to search for these awareness programmes online, particularly in Nigeria s case, where personal information security may not be regarded as an overly important issue for citizens. Therefore, this research attempts to find a means to reduce the privacy and data protection issues. It highlights the privacy and data protection problem in developing countries, using Nigeria as a case study, and seeks to provide a solution focusing on improving Internet security culture rather than focusing on solely technological solutions. The research proves the existence of the privacy and data protection problem in Nigeria by analysing the current privacy practices, Internet users perceptions and awareness knowledge, and by identifying factors specific to Nigeria that influence their current privacy and data protection situation. The research develops a framework for developing countries that consists of recommendations for relevant stakeholders and awareness training. In the case of Nigeria, the stakeholders are the government and organisations responsible for personal information security, and an awareness training method has been created to take into account Nigeria s unique factors. This training method encompasses promoting Internet security awareness through contextual training and promoting awareness programmes. Industry experts and Nigerian Internet users validated the framework. The findings obtained from the validation procedure indicated that the framework is applicable to the current situation in Nigeria and would assist in solving the privacy and Internet problem in Nigeria. This research offers recommendations that will assist the Nigerian government, stakeholders such as banks and e commerce websites, as well as Nigerian Internet users, in resolving the stated problems.

mHealth and the need of evaluation processes

Eschricht, Johannes

January 2018

There are currently a great deal of available health applications available on various app-stores around the globe and more is being added each day. With that vast amount of available options, which health applications are trustworthy and offers the functionality that the users are looking for? With the current regulations and classification processes, it is difficult to know if mHealth services offers the high standards that it should. This thesis investigates the need for mHealth services tobe subject of an evaluation process, by a health organization or a government agency, to ensure that quality standards are high. We discover the current “state-of-the-art” of mHealth and the privacy-and usability aspects of mHealth, we find outif evaluated and approved mHealth applications are believed to be more attractive to use than the non-evaluated counterparts, and lastly, we identify what aspects is important to evaluate of mHealth applications. To provide answers to the thesis, we perform a literature review and distribute a survey to a small group of potential users of mHealth services. The literature review provides information about the current state of mHealth around the globe. Moreover, the literature review also reveals that both usability, but especially privacy, is of major importance when creating mHealth services. We also discover that there are voices from field experts that suggests mHealth services to be subject of an evaluation process, similar to what we suggest in this thesis. With the survey, we identify the respondents’ current utilization of mHealth services. We also find out what aspects they believe is important and if their trust and utilization of an evaluated and approved mHealth service would be affected compared to a non-evaluated counterpart. The respondents of the survey is parents of young children, a group that is likely in need of medical attention in one way or another and still has the technical experience that is required to answer the survey.

mHealth

evaluation process

privacy

usability

Software Engineering

Programvaruteknik

Family Educational Rights and Privacy Act (FERPA) Safety and Health Exceptions and Employee Privacy Training

January 2010

abstract: Sparked by the Virginia Tech Shooting of 2007 and the resultant changes to the Family Educational Rights and Privacy Act, a review was conducted of FERPA's impact on university policies regarding student privacy and safety. A single, private university's policies were reviewed and a survey was distributed to 500 campus employees who had recently completed the university's FERPA training to determine if the university's current training was effective in training employees to understand FERPA's health and safety exceptions clause. The results showed that while the university's training was effective in training employees how to safeguard students' academic records, employees did not have a clear understanding of which information they could or should share in response to a threat to health and safety or to which university entity they should route safety concerns. The survey suggests that the university's FERPA training should be expanded to include training on FERPA's health and safety exceptions, including the communication of clear reporting lines for possible threats to campus safety and security. / Dissertation/Thesis / M.S.Tech Technology 2010

Higher Education

Education Policy

Employee

Exceptions

FERPA

Privacy

Safety

Training

Privacy Preserving Service Discovery and Ranking For Multiple User QoS Requirements in Service-Based Software Systems

January 2011

abstract: Service based software (SBS) systems are software systems consisting of services based on the service oriented architecture (SOA). Each service in SBS systems provides partial functionalities and collaborates with other services as workflows to provide the functionalities required by the systems. These services may be developed and/or owned by different entities and physically distributed across the Internet. Compared with traditional software system components which are usually specifically designed for the target systems and bound tightly, the interfaces of services and their communication protocols are standardized, which allow SBS systems to support late binding, provide better interoperability, better flexibility in dynamic business logics, and higher fault tolerance. The development process of SBS systems can be divided to three major phases: 1) SBS specification, 2) service discovery and matching, and 3) service composition and workflow execution. This dissertation focuses on the second phase, and presents a privacy preserving service discovery and ranking approach for multiple user QoS requirements. This approach helps service providers to register services and service users to search services through public, but untrusted service directories with the protection of their privacy against the service directories. The service directories can match the registered services with service requests, but do not learn any information about them. Our approach also enforces access control on services during the matching process, which prevents unauthorized users from discovering services. After the service directories match a set of services that satisfy the service users' functionality requirements, the service discovery approach presented in this dissertation further considers service users' QoS requirements in two steps. First, this approach optimizes services' QoS by making tradeoff among various QoS aspects with users' QoS requirements and preferences. Second, this approach ranks services based on how well they satisfy users' QoS requirements to help service users select the most suitable service to develop their SBSs. / Dissertation/Thesis / Ph.D. Computer Science 2011

Computer Science

Nonfunctional Requirement

Privacy Preserving

QoS

Ranking

Service Discovery